VCLD-80-000022 The vCenter VAMI service must off-load log records onto a different system or media from the system being logged.

Information

Protection of log data includes assuring that log data is not accidentally lost or deleted. Backing up log records to an unrelated system, or onto media separate from the system the web server is running on, helps assure that the log records will be retained in the event of a catastrophic system failure. A copy held off the appliance also stays available for review if the local log files are altered or removed.

Satisfies: SRG-APP-000125-WSR-000071, SRG-APP-000358-WSR-000063, SRG-APP-000358-WSR-000163

Solution

Navigate to and open:

/etc/vmware-syslog/vmware-services-applmgmt.conf

Create the file if it does not exist.

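Set the contents of the file as follows. Each input() block uses the rsyslog imfile module to read one log file into the local syslog stream under the given tag. These inputs alone do not move records off the appliance: a remote syslog destination must also be configured, and rsyslog must re-read its configuration before the new inputs take effect.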

#applmgmt.log
input(type="imfile"
File="/var/log/vmware/applmgmt/applmgmt.log"
Tag="applmgmt"
Severity="info"
Facility="local0")
#applmgmt-audit.log
input(type="imfile"
File="/var/log/vmware/applmgmt-audit/applmgmt-audit.log"
Tag="applmgmt-audit"
Severity="info"
Facility="local0")
#applmgmt-backup-restore-audit.log
input(type="imfile"
File="/var/log/vmware/applmgmt-audit/applmgmt-br-audit.log"
Tag="applmgmt-br-audit"
Severity="info"
Facility="local0")
#vami-access.log
input(type="imfile"
File="/opt/vmware/var/log/lighttpd/access.log"
Tag="vami-access"
Severity="info"
Facility="local0")
#vami-error.log
input(type="imfile"
File="/opt/vmware/var/log/lighttpd/error.log"
Tag="vami-error"
Severity="info"
Facility="local0")
#dcui.log
input(type="imfile"
File="/var/log/vmware/applmgmt/dcui.log"
Tag="dcui"
Severity="info"
Facility="local0")
#detwist.log
input(type="imfile"
File="/var/log/vmware/applmgmt/detwist.log"
Tag="detwist"
Severity="info"
Facility="local0")
#firewall-reload.log
input(type="imfile"
File="/var/log/vmware/applmgmt/firewall-reload.log"
Tag="firewall-reload"
Severity="info"
Facility="local0")
#applmgmt_vmonsvc.std*
input(type="imfile"
File="/var/log/vmware/applmgmt/applmgmt_vmonsvc.std*"
Tag="applmgmt_vmonsvc"
Severity="info"
Facility="local0")
#backupSchedulerCron
input(type="imfile"
File="/var/log/vmware/applmgmt/backupSchedulerCron.log"
Tag="backupSchedulerCron"
Severity="info"
Facility="local0")
#progress.log
input(type="imfile"
File="/var/log/vmware/applmgmt/progress.log"
Tag="progress"
Severity="info"
Facility="local0")
#statsmoitor-alarms
input(type="imfile"
File="/var/log/vmware/statsmon/statsmoitor-alarms.log"
Tag="statsmoitor-alarms"
Severity="info"
Facility="local0")
#StatsMonitor
input(type="imfile"
File="/var/log/vmware/statsmon/StatsMonitor.log"
Tag="StatsMonitor"
Severity="info"
Facility="local0")
#StatsMonitorStartup.log.std*
input(type="imfile"
File="/var/log/vmware/statsmon/StatsMonitorStartup.log.std*"
Tag="StatsMonitor-Startup"
Severity="info"
Facility="local0")
#PatchRunner
input(type="imfile"
File="/var/log/vmware/applmgmt/PatchRunner.log"
Tag="PatchRunner"
Severity="info"
Facility="local0")
#update_microservice
input(type="imfile"
File="/var/log/vmware/applmgmt/update_microservice.log"
Tag="update_microservice"
Severity="info"
Facility="local0")
#vami
input(type="imfile"
File="/var/log/vmware/applmgmt/vami.log"
Tag="vami"
Severity="info"
Facility="local0")
#vcdb_pre_patch
input(type="imfile"
File="/var/log/vmware/applmgmt/vcdb_pre_patch.*"
Tag="vcdb_pre_patch"
Severity="info"
Facility="local0")
#dnsmasq.log
input(type="imfile"
File="/var/log/vmware/dnsmasq.log"
Tag="dnsmasq"
Severity="info"
Facility="local0")
#procstate
input(type="imfile"
File="/var/log/vmware/procstate"
Tag="procstate"
Severity="info"
Facility="local0")
#backup.log
input(type="imfile"
File="/var/log/vmware/applmgmt/backup.log"
Tag="applmgmt-backup"
Severity="info"
Facility="local0")
#size.log
input(type="imfile"
File="/var/log/vmware/applmgmt/size.log"
Tag="applmgmt-size"
Severity="info"
Facility="local0")
#restore.log
input(type="imfile"
File="/var/log/vmware/applmgmt/restore.log"
Tag="applmgmt-restore"
Severity="info"
Facility="local0")
#reconciliation.log
input(type="imfile"
File="/var/log/vmware/applmgmt/reconciliation.log"
Tag="applmgmt-reconciliation"
Severity="info"
Facility="local0")
#pnid_change.log
input(type="imfile"
File="/var/log/vmware/applmgmt/pnid_change.log"
Tag="applmgmt-pnid-change"
Severity="info"
Facility="local0")

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_8-0_Y24M08_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4(1), 800-53|AU-9(2), CAT|II, CCI|CCI-001348, CCI|CCI-001851, Rule-ID|SV-259142r960948_rule, STIG-ID|VCLD-80-000022, Vuln-ID|V-259142

Plugin: Unix

Control ID: 687fd7ad7cfa790726618fb5e920bb225c754efa3281b5a4a6a74ed835ba0fcf